
how to setup recommended firewall rules for a basic desktop system?

Posted: 2018/03/23 12:35:14
by CNoob
I am new to Linux and CentOS 7. I have installed the latest CentOS 7 as a minimal install with KDE.
Currently (for testing) I use VirtualBox under Windows 7 to install CentOS 7. Later it will be installed correctly without VirtualBox.
Later I want to use the Thunderbird email client.
I want to have a secure desktop system (as much as possible) for me as a private person.

Please can anyone help me to set up firewalld to allow only the most necessary connections?
Thank you.

Currently I want to set up these rules:

Code:

##################
# Rules
##################

# IPv4 default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# Allow traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Allow ICMP reply packets
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT

# Accept all packets belonging to an existing TCP connection
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Reject all other packets cleanly
$IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -j REJECT --reject-with icmp-port-unreachable

How can I set up these rules in firewalld? Is it possible with the GUI firewall-config?
How can I disable IPv6 generally?
How to log all outgoing connections?

Is anything missing? Or any suggestions?

Re: recommended firewall settings for a basic desktop system?

Posted: 2018/03/23 12:46:12
by TrevorH
Yes. Do not use iptables to do anything other than look at the running rules if you run firewalld. Firewalld wants to control the rules and "knows" how they should be and will undo any manual changes you make with the iptables command. Use firewall-cmd to amend firewalld rules. Do not use iptables if you run firewalld.

Re: recommended firewall settings for a basic desktop system?

Posted: 2018/03/23 12:54:41
by CNoob
Thank you for this hint.
But I still need rules for firewalld.
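
The default-deny inbound policy from the first post, expressed with firewall-cmd as advised above. This is an added example, not part of the thread; the zone name `public`, the log prefix `OUT-NEW: ` and the helper names `fw` and `desktop_rules` are assumptions. It only prints the commands unless run with APPLY=1 as root.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default; APPLY=1 executes.
ZONE="${ZONE:-public}"   # assumption: the desktop's interfaces are in "public"

# Print one firewall-cmd invocation, quoting arguments that contain spaces,
# and run it only when APPLY=1.
fw() {
    line="firewall-cmd"
    for a in "$@"; do
        case $a in
            *' '*) line="$line '$a'" ;;
            *)     line="$line $a" ;;
        esac
    done
    echo "$line"
    if [ "${APPLY:-0}" = "1" ]; then firewall-cmd "$@"; fi
}

desktop_rules() {
    # firewalld's built-in INPUT rules already accept loopback and
    # ESTABLISHED,RELATED traffic and reject whatever the zone does not
    # allow, so the work is trimming the zone's allow-list.
    fw --set-default-zone="$ZONE"
    # Inbound services CentOS 7 enables in "public" by default.
    fw --permanent --zone="$ZONE" --remove-service=ssh
    fw --permanent --zone="$ZONE" --remove-service=dhcpv6-client
    # Log inbound packets that reach the final reject/drop.
    fw --set-log-denied=all
    # Log every NEW outbound connection; OUTPUT itself stays open.
    fw --permanent --direct --add-rule ipv4 filter OUTPUT 0 \
        -m conntrack --ctstate NEW -j LOG --log-prefix 'OUT-NEW: '
    # Load the permanent configuration, then show the resulting zone.
    fw --reload
    fw --zone="$ZONE" --list-all
}

desktop_rules
```

After applying, the final `--list-all` output should show an empty `services:` line for the zone, and the logged packets appear in the kernel log.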